avatar
Moshe Kol
Security Researcher
  • HOME
Home
Moshe Kol
Cancel

Hello! :wave:

I’m Moshe Kol (0xkol), a security researcher and a low-level systems developer. I’m passionate about computer security and particularly interested in operating systems security, networks security and cryptography.

I have many years of experience practicing vulnerability research (embedded, kernel), reverse engineering (x86-64, Arm32/64) and exploit development. Presently, I work as a vulnerability researcher at Paragon Solutions. Prior to that, I did embedded and Android kernel security research at JSOF.

I obtained my M.Sc. and B.Sc. in Computer Science from the Hebrew University of Jersualem, under the supervision of Yossi Gilad. In my thesis, I worked on a new browser-based device tracking technique for Linux.

When I’m off duty, I like spending time with my loved ones.

Feel free to reach out and contact me via Twitter/Email!

Selected Research

  • Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel. Moshe Kol. OffensiveCon 2023. White Paper | Slides | Source Code

  • Device Tracking via Linux’s New TCP Source Port Selection Algorithm. Moshe Kol, Amit Klein, and Yossi Gilad. USENIX Security Symposium 2023. Preprint | Extended Paper | Source Code | Demo | Selected press coverage: LWN, Security Now 892

  • Groove: Flexible Metadata-Private Messaging. Ludovic Barman, Moshe Kol, David Lazar, Yossi Gilad, and Nickolai Zeldovich. Symposium on Operating Systems Design and Implementation (OSDI) 2022. Paper | Talk (Presented by Ludovic Barman)

  • DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq. Moshe Kol, Shlomi Oberman. White Paper | GreHack 2021 Talk | Selected press coverage: ZDNet, Threatpost, BleepingComputer

  • Ripple20: 19 Zero-Day Vulnerabilities Amplified by the Supply Chain. Moshe Kol, Ariel Schön, Shlomi Oberman. Disclosure | CVE-2020-11896 White Paper + Exploit | CVE-2020-11901 White Paper | Black Hat USA 2020 Talk + Slides | DEF CON 28 Talk + Slides | Selected press coverage: ZDNet, Forbes, TechTarget, Security Now 772 + Security Now 773

Talks

  • Device Tracking via Linux’s New TCP Source Port Selection Algorithm. DANSS Seminar 2022
  • Pluginizing QUIC. DANSS Seminar 2021
  • DNSpooq – Does DNS cache poisoning still matter? GreHack 2021
  • Reverse Engineering Archeology: Multiple Devices, Multiple Versions. CONFidence 2020 + Slides | CODE BLUE 2020 | GreHack 2020
  • Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Tens of Millions of Critical Devices. Black Hat USA 2020 | DEF CON 28

Honors and Awards

  • Hebrew University Computer Science and Engineering Dean Prize, 2022.
  • KLA Scholarship for excellent students, 2021.
  • Certificate of Appreciation for social contribution, caring and devotion during the bachelor’s degree, 2021. Elected by the students’ majority vote.
  • Hebrew University Rector Prize, 2020.
  • Hebrew University Computer Science and Engineering Dean Prize, 2019.

Lecture Notes

  • Data Structures (Hebrew)
  • Algorithms (Hebrew) – Official lecture notes
  • Computational Models, Computability and Complexity (Hebrew)
  • Nand2Tetris

© 2023 Moshe Kol. Some rights reserved.

Powered by Jekyll with Chirpy theme.

A new version of content is available.